Understanding suricata.eve.timestamp

  • Overview

    suricata.eve.timestamp is a field name seen in Elasticsearch: one of the fields that Filebeat's Suricata module exports.

  • Suricata

    Suricata is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS).

    It is developed by the Open Information Security Foundation (OISF).

    Suricata is a free, open-source, mature, fast and robust network threat detection engine.

    The Suricata engine is capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing.

  • EVE JSON Output

    The EVE output facility emits alerts, anomalies, metadata, file info and protocol-specific records as JSON, one object per line.

    The most common way to use it is the single 'EVE' output, a firehose approach in which all of these records go into one file (eve.json by default), distinguished by their event_type field.

  • IDS & IPS

    An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. An intrusion prevention system sits inline on the traffic path and can additionally drop or reject the traffic it flags.

  • OISF

    The Open Information Security Foundation (OISF) is a 501(c)(3) non-profit foundation that owns and develops Suricata.

  • suricata.eve.timestamp

    type: alias

    alias to: @timestamp

    It is one of the Suricata fields, which in turn are one of the categories of exported fields documented for Filebeat.

    Because it is an alias, suricata.eve.timestamp can be used in queries, aggregations and sorts exactly like @timestamp, but it is not stored in the document _source and cannot be written to when a document is indexed; the ingest side has to populate @timestamp instead.

  • Suricata fields

    Suricata fields: the fields of the Filebeat module that handles the EVE JSON logs produced by Suricata.

    suricata: fields from the Suricata EVE log file;

    eve: fields exported by the EVE JSON logs.
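    As an added example (not code from the original post, nor from Suricata, Filebeat or Elasticsearch), the following Python script ties the EVE JSON section and the alias section together: it parses a few constructed eve.json lines, shapes each into a simplified Filebeat-style document in which the EVE record sits under suricata.eve.* and @timestamp is set from the EVE timestamp, and then models an Elasticsearch mapping in which suricata.eve.timestamp is an alias field pointing at @timestamp. The sample log lines, the rule id 1000001, the IP addresses and all function names are made up; the document shape is a simplification, since the real module's ingest pipeline does more (ECS field mapping, for instance).

```python
"""Model of how a Suricata EVE record becomes a Filebeat document in which
suricata.eve.timestamp is only an alias for @timestamp. Added example; the
sample data below is constructed, not real Suricata output."""
import json
from datetime import datetime, timezone

# Constructed sample eve.json lines. EVE is a firehose: alert, dns and fileinfo
# events share one file, one JSON object per line. The last two lines are
# deliberately broken (wrong timestamp layout, not JSON) to exercise rejection.
SAMPLE_EVE_LINES = """\
{"timestamp":"2021-01-19T10:00:00.123456+0000","flow_id":1,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP","alert":{"signature_id":1000001,"signature":"CONSTRUCTED TEST alert","severity":2}}
{"timestamp":"2021-01-19T10:00:01.000000+0100","flow_id":2,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2021-01-19T10:00:02.500000+0000","flow_id":3,"event_type":"fileinfo","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP","fileinfo":{"filename":"/a.exe","size":1024}}
{"timestamp":"19/01/2021 10:00:03","flow_id":4,"event_type":"alert"}
this line is not JSON
"""

# Suricata writes EVE timestamps as ISO 8601 with microseconds and a numeric
# UTC offset without a colon, e.g. 2021-01-19T10:00:01.000000+0100.
EVE_TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"

# Minimal Elasticsearch mapping using the alias field type (hypothetical index):
# the document stores only @timestamp; suricata.eve.timestamp resolves to it
# at query time.
MAPPING = {
    "properties": {
        "@timestamp": {"type": "date"},
        "suricata": {"properties": {"eve": {"properties": {
            "timestamp": {"type": "alias", "path": "@timestamp"},
            "event_type": {"type": "keyword"},
        }}}},
    }
}


def parse_eve_timestamp(value):
    """Parse an EVE timestamp string into a timezone-aware datetime."""
    return datetime.strptime(value, EVE_TS_FORMAT)


def to_filebeat_document(line):
    """Shape one eve.json line like a (simplified) Filebeat Suricata document.

    The EVE record is moved under suricata.eve.*; its timestamp becomes
    @timestamp in UTC. The original key is removed because an alias field
    cannot be written to when the document is indexed.
    """
    record = json.loads(line)
    ts = parse_eve_timestamp(record.pop("timestamp"))
    return {
        "@timestamp": ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ"),
        "suricata": {"eve": record},
    }


def ingest(text):
    """Parse every line of EVE output; return (documents, number_rejected)."""
    docs, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            docs.append(to_filebeat_document(line))
        except (ValueError, KeyError):  # bad JSON, bad timestamp, or no timestamp
            rejected += 1
    return docs, rejected


def resolve_field(mapping, dotted):
    """Follow a dotted field name through the mapping; an alias resolves to its path."""
    node = mapping
    for part in dotted.split("."):
        node = node["properties"][part]
    return node["path"] if node.get("type") == "alias" else dotted


def get_field(doc, dotted):
    """Read a dotted field from a document's _source; KeyError if absent."""
    node = doc
    for part in dotted.split("."):
        node = node[part]
    return node


def query_values(docs, field):
    """Return the values a search on `field` sees, after alias resolution."""
    target = resolve_field(MAPPING, field)
    return [get_field(doc, target) for doc in docs]


def in_source(doc, dotted):
    """True if the dotted field is physically present in the stored document."""
    try:
        get_field(doc, dotted)
        return True
    except KeyError:
        return False


def count_by_event_type(docs):
    """Break the firehose down by event_type."""
    counts = {}
    for doc in docs:
        event_type = doc["suricata"]["eve"]["event_type"]
        counts[event_type] = counts.get(event_type, 0) + 1
    return counts


if __name__ == "__main__":
    documents, dropped = ingest(SAMPLE_EVE_LINES)
    print(f"{len(documents)} documents, {dropped} rejected")
    print(count_by_event_type(documents))
    print(query_values(documents, "suricata.eve.timestamp"))  # same as @timestamp
    print(in_source(documents[0], "suricata.eve.timestamp"))  # False: alias only
```

    Two caveats the script makes visible: an alias is query-only, so in_source reports that suricata.eve.timestamp does not exist in the stored document even though a search on it returns the @timestamp values; and EVE timestamps carry their own UTC offset (+0100 on the second sample line), so they must be parsed as timezone-aware values and normalised before they are compared or sorted as @timestamp.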

Origin: blog.csdn.net/The_Time_Runner/article/details/113001780